HAProxy truncating requests?

du8die

I'm using HAProxy on PFSense (new install in March) to reverse proxy (LB) traffic to two back end IIS servers.

It appears that every once in a while, I have a specific file that is having the last 4 characters truncated. When I hit one of the servers off of the load balancer, the request is always delivered in tact.

When I check the request with fiddler, the content length of a truncated response and one that is in tact is the same, 574492.

However, the end of the file is truncated. If I load the page 10 times, the specific script will work 9 of the 10 times.

My config is below - and I'm pulling out my hair on this one. Does HAProxy do any internal caching? Don't even know where to begin.

Thanks!

# Automaticaly generated, dont edit manually.
# Generated on: 2021-04-15 13:28
global
	maxconn			100000
	stats socket /tmp/haproxy.socket level admin  expose-fd listeners
	gid			80
	nbproc			1
	nbthread			1
	hard-stop-after		15m
	chroot				/tmp/haproxy_chroot
	daemon
	tune.ssl.default-dh-param	2048
	server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
	bind 127.0.0.1:2200 name localstats
	mode http
	stats enable
	stats admin if TRUE
	stats show-legends
	stats uri /haproxy/haproxy_stats.php?haproxystats=1
	timeout client 5000
	timeout connect 5000
	timeout server 5000

frontend SharedFrontEnd-merged
	bind			104.x.x.x:443 name 104.x.x.x:443   ssl crt-list /var/etc/haproxy/SharedFrontEnd.crt_list  
	mode			http
	log			global
	option			http-keep-alive
	option			forwardfor
	acl https ssl_fc
	http-request set-header		X-Forwarded-Proto http if !https
	http-request set-header		X-Forwarded-Proto https if https
	timeout client		300000
	acl			app	var(txn.txnhost) -m str -i app.x.com
	acl			aclcrt_APPFrontEnd	var(txn.txnhost) -m reg -i ^app\.x\.com(:([0-9]){1,5})?$
	acl			api	var(txn.txnhost) -m str -i api.x.com
	acl			aclcrt_APIFrontEnd	var(txn.txnhost) -m reg -i ^api\.x\.com(:([0-9]){1,5})?$
	acl			public	var(txn.txnhost) -m beg -i public.x.com
	acl			aclcrt_publicFrontend	var(txn.txnhost) -m reg -i ^public\.x\.com(:([0-9]){1,5})?$
	acl			aclcrt_SharedFrontEnd	var(txn.txnhost) -m reg -i ^public\.x\.com(:([0-9]){1,5})?$
	acl			process.x.com	var(txn.txnhost) -m str -i process.x.com
	acl			aclcrt_processFrontend	var(txn.txnhost) -m reg -i ^process\.x\.com(:([0-9]){1,5})?$
	acl			app	var(txn.txnhost) -m str -i testing.x.com
	acl			aclcrt_TestingFrontEnd	var(txn.txnhost) -m reg -i ^testing\.x\.com(:([0-9]){1,5})?$
	http-request set-var(txn.txnhost) hdr(host)
	use_backend APPBackend_ipv4  if   aclcrt_APPFrontEnd
	use_backend APPBackend_ipv4  if   aclcrt_APIFrontEnd
	use_backend APPBackend_ipv4  if   aclcrt_publicFrontend
	use_backend APPBackend_ipv4  if   aclcrt_SharedFrontEnd
	use_backend ProcessBackend_ipvANY  if   aclcrt_processFrontend
	use_backend APPBackend_ipv4  if   aclcrt_TestingFrontEnd

frontend http-to-https
	bind			104.x.x.x:80 name 104.x.x.x:80   
	mode			http
	log			global
	option			http-keep-alive
	timeout client		300000
	http-request redirect scheme https 

frontend AppInternalLB
	bind			192.x.x.x:443 name 192.x.x.x:443   ssl crt-list /var/etc/haproxy/AppInternalLB.crt_list  
	mode			http
	log			global
	option			http-keep-alive
	option			forwardfor
	acl https ssl_fc
	http-request set-header		X-Forwarded-Proto http if !https
	http-request set-header		X-Forwarded-Proto https if https
	timeout client		30000
	acl			app.x.com	var(txn.txnhost) -m str -i app.x.com
	acl			aclcrt_AppInternalLB	var(txn.txnhost) -m reg -i ^app\.x\.com(:([0-9]){1,5})?$
	http-request set-var(txn.txnhost) hdr(host)
	use_backend APPBackend_ipv4  if   aclcrt_AppInternalLB

backend APPBackend_ipv4
	mode			http
	id			10100
	log			global
	balance			roundrobin
	timeout connect		300000
	timeout server		300000
	retries			3
	source ipv4@ usesrc clientip
	server			APP02 192.x.x.x:80 id 10102 check inter 1000  

backend ProcessBackend_ipvANY
	mode			http
	id			103
	log			global
	timeout connect		30000
	timeout server		30000
	retries			3
	server			process 192.x.x.x:80 id 104 check inter 1000